MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS

Nessus Plugin ID 25198 (Medium)

Synopsis

The remote database server is prone to a denial of service attack.

Description

The version of MySQL installed on the remote host is reportedly affected by a denial of service vulnerability that may be triggered with a specially crafted IF query. An attacker who can execute arbitrary SELECT statements may be able to leverage this issue to crash the affected service.

Solution

Upgrade to MySQL Community Server 5.0.41 or 5.1.18, or Enterprise Server 5.0.40, or later.

See Also

http://bugs.mysql.com/bug.php?id=27513

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-41.html

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-40.html

Plugin Details

Severity: Medium

ID: 25198

File Name: mysql_select_if_dos.nasl

Version: 1.24

Type: remote

Family: Databases

Published: 5/10/2007

Updated: 7/16/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/29/2007

Reference Information

CVE: CVE-2007-2583, CVE-2007-2692

BID: 23911

CWE: 189